
On 20 September 2016 at 12:12, אלעזר <elazarg@gmail.com> wrote:
> Moreover, being able to do it programmatically is a security risk, since it requires elevated privileges that I don't know how to drop, and most people will not think about doing, but a library implementation will.
> So if someone uses subprocess.run(), and the system asks the user for elevated privileges, a bug in later code can easily cause serious harm instead of failing. Yes, untrusted code should be sandboxed - but it isn't, more often than not.
It's not possible to gain elevated privileges without asking the user (certainly not on Windows, and I don't believe so on Unix). So what you're talking about is getting people used to the idea that running a script they grabbed off the internet would ask them to run it elevated, and they should agree. That sounds to me like a very dangerous lesson to be teaching. (rwt gets round this by installing dependencies to a temporary location for the duration of the script. I *really* recommend that you look into it if you haven't already).

Paul